Breach may have exposed St. Louis patient information online

ST. LOUIS (AP) — Personal information on more than 33,000 patients has been potentially made available to the public on the internet as a result of a security breach at BJC HealthCare in St. Louis.

The company disclosed the breach in a news release Monday. Patient information including medical records, names, addresses, Social Security numbers and other information was accessible through the internet from May 9 to Jan. 23. BJC cited a data server configuration error that was discovered during an internal security scan.

Patients were sent letters explaining what happened and offered free identity theft protection.

BJC says its investigation did not reveal that any personal data was actually accessed. The company says it has taken steps to prevent future errors from occurring.